A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by performing a key derivation function on a password to produce a key and issuing a set of blinded passwords to a set of storage units, where the blinded passwords are generated based on the key. The method continues by receiving at least a decode threshold number of confidential information responses, where each of the confidential information responses includes an encrypted encoded data slice and an associated passkey, regenerating a set of keys using the associated passkeys of the confidential information, decrypting a set of encrypted slices of the confidential information using the set of keys to reproduce a set of encoded data slices, and dispersed storage error decoding a decode threshold number of the set of reproduced encoded data slices to produce recovered data.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises: performing a key derivation function on a password to produce a key; issuing a set of blinded passwords to a set of storage units, where the set of blinded passwords are generated based on the key; receiving at least a decode threshold number of confidential information responses, where each of the confidential information responses includes an encrypted encoded data slice and an associated passkey; regenerating a set of keys using the associated passkeys of the at least a decode threshold number of confidential information responses; decrypting a set of encrypted encoded data slices of the confidential information using the set of keys to reproduce a set of encoded data slices; and dispersed storage error decoding a decode threshold number of the set of encoded data slices to produce recovered data.
2. The method of claim 1 , wherein the associated passkey includes at least a first passkey generated by a corresponding storage unit of the set of storage units in accordance with a formula of: passkey 1=bpass1^e1 modulo p, where e1 is a recovered random number associated with the encrypted encoded data slice and a corresponding original random number.
3. The method of claim 1 , wherein the set of blinded passwords are generated based on the key includes generating a first blinded password in accordance with a formula of: blinded password 1=[[MGF(KEY)]^2]^b1 modulo p, where b1 is a random number of a set of random numbers.
4. The method of claim 1 , wherein the regenerating a set of keys using passkeys of the confidential information includes generating a first key of the set of keys in accordance with a formula of key 1=passkey1^v1 modulo p; where b1*v1=1 modulo q and where q=(p−1)/2.
5. The method of claim 4 further comprises decrypting an encrypted data slice 1 using the first key 1 to produce an encoded data slice 1 of the set of encoded data slices.
6. The method of claim 1 , wherein the key derivation function includes at least one algorithm requiring increased time or memory resources while attempting each of a plurality of candidate passwords.
7. A computing device of a group of computing devices of a dispersed storage network (DSN), the computing device comprises: an interface; a local memory; and a processing module operably coupled to the interface and the local memory, wherein the processing module functions to: perform a key derivation function on a password to produce a key; issue a set of blinded passwords to a set of storage units, where the set of blinded passwords are generated based on the key; receive at least a decode threshold number of confidential information responses, where each of the confidential information responses includes an encrypted encoded data slice and an associated passkey; regenerate a set of keys using the associated passkeys of the at least a decode threshold number of confidential information responses; decrypt a set of encrypted encoded data slices of the confidential information using the set of keys to reproduce a set of encoded data slices; and disperse storage error decoding a decode threshold number of the set of encoded data slices to produce recovered data.
8. The computing device of claim 7 , wherein the associated passkey includes at least a first passkey generated by a corresponding storage unit of the set of storage units in accordance with a formula of: passkey 1=bpass1^e1 modulo p, where e1 is a recovered random number associated with the encrypted encoded data slice and a corresponding original random number.
9. The computing device of claim 7 , wherein the set of blinded passwords are generated based on the key includes generating a first blinded password in accordance with a formula of: blinded password 1=[[MGF(KEY)]^2]^b1 modulo p, where b1 is a random number of a set of random numbers.
10. The computing device of claim 7 , wherein the regenerate a set of keys using passkeys of the confidential information includes generating a first key of the set of keys in accordance with a formula of key 1=passkey1^v1 modulo p; where b1*v1=1 modulo q and where q=(p−1)/2.
11. The computing device of claim 10 further comprises decrypting an encrypted data slice 1 using the first key 1 to produce an encoded data slice 1 of the set of encoded data slices.
12. The computing device of claim 7 , wherein the key derivation function includes at least one algorithm requiring increased time or memory resources while attempting each of a plurality of candidate passwords.
13. A distributed storage network (DSN) system comprises: a plurality of DSN storage units; a dispersed storage client module including: an interface; a local memory; and a processing module operably coupled to the interface and the local memory, wherein the processing module functions to: perform a key derivation function on a password to produce a key; issue a set of blinded passwords to a set of the plurality of DSN storage units, where the set of blinded passwords are generated based on the key; receive at least a decode threshold number of confidential information responses, where each of the confidential information responses includes an encrypted encoded data slice and an associated passkey; regenerate a set of keys using the associated passkeys of the at least a decode threshold number of confidential information responses; decrypt a set of encrypted encoded data slices of the confidential information using the set of keys to reproduce a set of encoded data slices; and disperse storage error decoding a decode threshold number of the set of encoded data slices to produce recovered data.
14. The DSN system of claim 13 , wherein the associated passkey includes at least a first passkey generated by a corresponding storage unit of the set of the plurality of DSN storage units in accordance with a formula of: passkey 1=bpass1^e1 modulo p, where e1 is a recovered random number associated with the encrypted encoded data slice and a corresponding original random number.
15. The DSN system of claim 13 , wherein the set of blinded passwords are generated based on the key includes generating a first blinded password in accordance with a formula of: blinded password 1=[[MGF(KEY)]^2]^b1 modulo p, where b1 is a random number of a set of random numbers.
16. The DSN system of claim 13 , wherein the regenerate a set of keys using passkeys of the confidential information includes generating a first key of the set of keys in accordance with a formula of key 1=passkey1^v1 modulo p; where b1*v1=1 modulo q and where q=(p−1)/2.
17. The DSN system of claim 16 further comprises decrypting an encrypted data slice 1 using the first key 1 to produce an encoded data slice 1 of the set of encoded data slices.
18. The DSN system of claim 13 , wherein the key derivation function includes at least one algorithm requiring increased time or memory resources while attempting each of a plurality of candidate passwords.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
August 2, 2018
May 5, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.